A variety of techniques have been proposed heretofore to filter data transmitted and received on a network, in order to prevent attacks from the outside in communication systems such as the Internet. Examples of the attacks from the outside include a buffer overflow attack, a format string attack, and so on, and many of these types of attacks are attacks using a communication message violating a communication rule defined in a protocol of an application layer (e.g., HTTP (HyperText Transfer Protocol) or SMTP (Simple Mail Transfer Protocol)) of the OSI (Open Systems Interconnection) reference model.
Since the message violating the protocol of the application layer contains a factor of an irregularity inside the contents of data, i.e., a payload of a packet (the main body of data originally desired to be transferred, except for information of the header in the packet), it is not detected by packet filtering for detecting irregular data with reference to the header information of the packet. In order to detect the irregular message in the application layer protocol, it is necessary to reference the contents of the data, and there is an application gateway for detecting the irregular message in this manner (e.g., reference is made to Non-patent Document 1 below).                Non-patent Document 1: Yukio Ito, Masayoshi Shido, and Osamu Noguchi “Illustrated & Standard Current VPN Handbook,” pp 56-61, Shuwa System Co., Ltd., May 2003        